From owner-freebsd-current Sun Nov 19 19:49:38 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id TAA03971 for current-outgoing; Sun, 19 Nov 1995 19:49:38 -0800 Received: from ref.tfs.com (ref.tfs.com [140.145.254.251]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA03966 for ; Sun, 19 Nov 1995 19:49:33 -0800 Received: (from julian@localhost) by ref.tfs.com (8.6.12/8.6.9) id TAA02660; Sun, 19 Nov 1995 19:48:19 -0800 From: Julian Elischer Message-Id: <199511200348.TAA02660@ref.tfs.com> Subject: Re: rlogind wont allow root without password... rshd will. To: peter@jhome.DIALix.COM (Peter Wemm) Date: Sun, 19 Nov 1995 19:48:18 -0800 (PST) Cc: terry@lambert.org, current@FreeBSD.ORG In-Reply-To: from "Peter Wemm" at Nov 20, 95 11:23:39 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 2571 Sender: owner-current@FreeBSD.ORG Precedence: bulk It's arguable that in fact it's rsh that should be changed to dissallow root access.. someone somewhere must have made that change for a reason.. (one also needs to have "secure" on the ptys for this to work I note).. Peter, any chance you called that kid? > > On Sun, 19 Nov 1995, Terry Lambert wrote: > > > As root: > > > I can do "rsh freebsdmachine sh -i" and get a root shell. > > > I cannot do a "rlogin freebsdmachine" - it asks for a password. > > > > > > I think this is a futile attempt at "security-through-inconvenience" > > > (worse than the infamous security-through-obscurity) as it achieves > > > nothing but force people to use the non-wtmp-logged facility. > > > > You have convinced me. Someone needs to fix rsh so that the attempt > > is not futile. Root access should require an explicit .rhosts; the > > rlogin is failing correctly, apparently in a hosts.equiv case? > > rshd is working perfectly.. It is correctly ignoring hosts.equiv (via > iruserok() etc in libc) but is allowing explicit configuration in the > .rhosts file of root. > > > You haven't really documented the environment that allows the rsh to > > succeed so that it can be fixed... > > rlogind is what I'm complaining about. It wont let me do something that > I consider to be safer than having plaintext root passwords going over > the network... > > This is what I want to change: > > Index: rlogind.c > =================================================================== > RCS file: /home/ncvs/src/libexec/rlogind/rlogind.c,v > retrieving revision 1.5 > diff -u -5 -r1.5 rlogind.c > --- rlogind.c 1995/10/15 03:40:57 1.5 > +++ rlogind.c 1995/11/20 03:19:24 > @@ -585,14 +585,13 @@ > getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); > > pwd = getpwnam(lusername); > if (pwd == NULL) > return (-1); > - if (pwd->pw_uid == 0) > - return (-1); > /* XXX why don't we syslog() failure? */ > - return (iruserok(dest->sin_addr.s_addr, 0, rusername, lusername)); > + return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0, > + rusername, lusername)); > } > > void > getstr(buf, cnt, errmsg) > char *buf; > > iruserok() is what is reponsible for the additional restrictions for root > logins... > > The environment that I'm complaining about: > on the server: > root has /root as a home directory > there is a /root/.rhosts file listing "client root" > on the client, as root: > rsh server sh -i works. > rlogin server always asks for a plaintext password due to the above. > > Cheers, > -Peter > >